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REMARKS 

Claims 2-19 remain pending, and claim 20 is canceled via the present submission. No 
claims are added. 

Claims 2-11 and 14-20 stand rejected under 35 U.S.C. § 103(a) as obvious over the ITL 
Bulletin pubUshed by the U.S. Government (ITL) in view of Golan, U.S. Patent No. 5,974,549. 
Because claim 20 is now canceled, its rejection is moot. Regarding claims 2-11 and 14-19, 
applicants respectfully traverse this rejection. 

First, with respect to claims 2-9, base claim 2 describes an intrusion prevention system, 

which prevents intrusion into a regular data storage means. The intrusion prevention system has 

a decoy data storage means, and the claim 2 specifies that: 

... the regular data storage means and the decoy data storage means are 
respectively a regular region and a decoy region secured in different regions on 
the same server {emphasis added]. 

Claims 3-9 depend from claim 2, so they also describe this subject matter. 

The rejection relies on ITL as a primary reference teaching an intrusion prevention 

system having a regular data storage means and a decoy data storage means. As support, the 

Office Action references an entire column of text ("see page 4, column 3"). On page 10 of the 

Office Action, a comment (apparently relating to claim 10) implies that an ITL computer 

anticipates the "regular data storage means" and the ITL padded cell host anticipates the "decoy 

data storage means." However, the Office Action provides no clearly identified comments 

relating to claim 2. 

Regarding additional subject matter recited in the claims, ITL is not relied upon to teach a 
regular region and a decoy region secured "in different regions on the same server." Instead, the 
rejection relies on Golan to suggest modifying the ITL system to have this feature. To support 
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such reliance, the Office Action provides a citation to column 2, lines 13-28 & 39-48, and 
column 5, lines 37-59. However, this is not a proper explanation of how the cited portions of 
Golan would have suggested that the ITL regular region and decoy region (never clearly 
identified) should be secured in different regions on the same server as claimed. 

In the submission to the PTO of July 22, 2005 (page 14), applicants explained that the 
Golan technology differs significantly from the ITL technology as follows: In ITL, an intrusion 
is detected and then redirected. In contrast, Golan discloses that, when downloaded software 
(whether an intrusion or requested) is detected, a sandbox is created around it. The cited text 
does not discuss redirecting the downloaded software. 

In the present Office Action, the Office Action provides the response (page 9) that ITL, 
not Golan, is relied upon to teach the redirection. However, such response does not disprove 
applicants' argument that the Golan technology differs significantly from the ITL technology. 

The Office Action also provides the response (page 9) that Golan is only relied upon to 
teach a secure area within one system. However, a teaching of a secure area within one system is 
not the same as a teaching of a regular data storage means and a decoy data storage means being 
secured in different regions on the same server as claimed.^ 

Thus, the PTO alleges that Golan provides sufficient motivation to modify the ITL 
system so that its unidentified computer and its padded cell host would be secured in different 
regions on the same server as claimed. However, to justify reliance on Golan accordingly, the 
PTO indicates that it only needs to provide a citation of a secure area within one system (even 
though a "system" and a "server" are not the same). 

Therefore, the rejection of claims 2-9 is unjustified for at least two reasons: 



^ Applicants do not even concede that a "system" can anticipate a "server." 
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First, the PTO relies on a supposed teaching of a secure memory area within an entire 
system as suggesting that elements may reside on a single server, but there is no further 
explanation provided in the Office Action of why a person skilled in the art would view a 
disclosure of elements of a system as a suggestion to place some of the system's elements on the 
same server. (Of course, a server is not synonymous with a system.) The PTO does not even 
identify a server in Golan. 

Second, even if the PTO did cite a teaching in Golan of a regular data storage means and 
a decoy data storage means being respectively a regular region and a decoy region secured in 
different regions on the same server, the PTO would still need to explain why someone would 
want to design the ITL system to have its regular data storage means and decoy data storage 
means as a regular region and a decoy region secured in different regions on the same server."^ A 
mere showing of such arrangement in Golan (assuming such subject matter is actually shown in 
the Office Action) is insufficient to motivate a person to redesign the ITL system."^ 

Accordingly, the rejection of claims 2-9 is imjustified for at least two reasons. 

Regarding claims 10, 11, and 14-19, base claim 10 describes an intrusion prevention 

system, which prevents intrusion into a regular data storage means. The intrusion prevention 

system has a decoy data storage means, and claim 10 specifies that: 

the regular data storage means is a regular server, and the decoy data storage 
means is a decoy server provided together with the regular server. 

Claims 1 1 and 14-19 depend from claim 10, so they also describe this subject matter. 



^ Applicants do not concede that the PTO accurately presents the teachings of Golan. 

^ To establish a prima facie case of obviousness, there must be some suggestion or motivation, either in ITL or 
Golan themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the ITL or to 
combine reference teachings. MPEP § 2143. 

^ Note, for example, that the PTO did not show how or even allege that Golan suggests that the redesigned ITL 
system would be improved. 
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The rejection relies on page 4, column 3, of ITL. More specifically, the Office Action 
indicates on page 8 that a "computer" is the "regular server" and that a "padded cell host" is a 
"decoy server" as recited in the claims. However, the cited column does not even recite the term 
"computer," and applicants find no reason to conclude that the disclosed padded cell host must 
be embodied in a separate server fi-om the unidentified computer. Note that the claim recites a 
"regular server" and a "decoy server/' so an anticipating disclosure v^ould need to state that the 
padded cell host resides in a server that is separate from the regular (and unidentified) 
"computer." 

Because the Office Action only notes a recitation of "padded cell host" without 
explaining how ITL could be interpreted as disclosing that this padded cell host resides in a 
server that is separate fi-om the regular server, the rejection of claims 1 1 and 14-19 has not been 
justified. 

Applicants also stress that the sandbox disclosed in Golan is a security model for 
preventing, by making a program operate within a protected means (sandbox), an adverse effect 
on the outside thereof. Such is significantly different from the claimed invention. 

Note, for example, that a "regular data storage means" and a "decoy data storage means" 
are literally means for storing data and are not means where a program is executed, such as in a 
sandbox. Furthermore, in Golan, only a safe means (sandbox) is present, and there is no hint of a 
"regular data storage means" or a "decoy data storage means." Therefore, the disclosures of ITL 
and Golan cannot be combined as described in the Office Action. 

Accordingly, withdrawal of the obviousness rejection of claims 2-1 1 and 14-19 is hereby 
requested. 



11 



Application Serial Number: 09/963,789 



Claims 12 and 13 stand rejected under 35 U.S.C. § 103(a) as obvious over ITL and Golan 
in view of FOLDOC (an on-line dictionary). Applicants respectfully traverse this rejection. 

The obviousness rejection of claims 12 and 13 is based in part on ITL and Golan 
rendering parent claim 10 obvious. However, as explained above, ITL and Golan cannot render 
claim 10 obvious. Therefore, the obviousness rejection of claims 12 and 13 carmot be proper. 

Accordingly, withdrawal of the obviousness rejection of claims 12 and 13 is now 
requested. 

In view of the remarks above, applicants now submit that the application is in condition 
for allowance. Accordingly, a Notice of Allowability is hereby requested. If for any reason it is 
believed that this application is not now in condition for allowance, the Examiner is welcome to 
contact applicants' undersigned attorney at the telephone number indicated below to discuss 
resolution of the remaining issues. 

If this paper is not timely filed, applicants petition for an extension of time. The fee for 
the extension, and any other fees that may be due, may be debited from Deposit Account No. 50- 
2866. 



1250 Connecticut Avenue, N.W., Suite 700 
Washington, DC 20036 
Tel: (202)822-1100 
Fax: (202) 822-1111 

JLF/af 

Q:\2001\01 1 152\01 1 152 response to 8-25-05 action.doc 



Respectfully submitted, 
WESTERMAN, HATTORI, DANIELS & ADRIAN, LLP 




Joseph L. Felber 
Attorney for Applicants 
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